» plugin_container.exe
Overview
Analysis
File Details
Behaviors (1)

plugin_container.exe

Marc Skawran

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘plugin_container’.

File name:

Publisher:

Marc Skawran (signed and verified)

MD5:

740d0e52bfec628a7d5ca2926bb54df7

SHA-1:

44fbbceb706ae0fbe9bf542d43dad3dd4d2ec1a9

SHA-256:

cc61ff99806853ab08a2d62d9294ddb0b6bfb9b04b2092819f41809537b21914

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

8/13/2025 6:04:05 PM UTC (today)

File size:

330.3 KB (338,192 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\plugin_container\plugin_container.exe

Digital Signature

Signed by:

Marc Skawran

Authority:

StartCom Ltd.

Valid from:

2/4/2014 7:23:08 AM

Valid to:

2/5/2016 3:22:40 PM

Subject:

E=m.skawran@networksys.org, CN=Marc Skawran, L=Tagum City, S=Davao del Norte, C=PH, Description=uwZYx59gN3N1gr77

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0CDB

File PE Metadata

Compilation timestamp:

3/11/2013 3:52:18 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

6144:OZqLDhiqCDCgLUnTUEmj+u+4+DTQ+NOhDhVhvcrcd9v8ZEcow8XkBp7H0OmTyNAw:7BCDCg+n2T8IFKwBbI

Entry address:

0x12A0

Entry point:

55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 80, 51, 41, 00, E8, 98, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 9C, 51, 41, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 90, 51, 41, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 10, 41, 00, E8, 36, 83, 00, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, 10, 41, 00, 89, 04, 24, E8, 29, 83, 00, 00, 83, EC, 08, 85, C0, 74, 11, C7, 44, 24, 04, 08, 40, 41, 00, C7, 04, 24, E0, 2E, 41, 00, FF, D0, 8B... 
[+]

Packer / compiler:

MingWin32

Code size:

40.5 KB (41,472 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

plugin_container

Command:

"C:\Program Files\plugin_container\plugin_container.exe"

Scan plugin_container.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.